Additional PPA Agreements Reached

Russian Cyberattacks on U.S. Critical Infrastructure target energy grids, nuclear plants, water systems, and aviation, DHS and FBI warn, using spear phishing, malware, and ICS/SCADA intrusion to gain footholds for potential sabotage and disruption.

Key Points

State-backed hacks targeting U.S. energy, nuclear, water and aviation via phishing and ICS access for sabotage.

✅ DHS and FBI detail multi-stage intrusion since 2016

✅ Targets include energy, nuclear, water, aviation, manufacturing

✅ TTPs: spear phishing, lateral movement, ICS reconnaissance

Russia is attacking the U.S. energy grid, with reported power plant breaches unfolding alongside attacks on nuclear facilities, water processing plants, aviation systems, and other critical infrastructure that millions of Americans rely on, according to a new joint analysis by the FBI and the Department of Homeland Security.

In an unprecedented alert, the US Department of Homeland Security (DHS) and FBI have warned of persistent attacks by Russian government hackers on critical US government sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing.

The alert details numerous attempts extending back to March 2016 when Russian cyber operatives targeted US government and infrastructure.

The DHS and FBI said: “DHS and FBI characterise this activity as a multi-stage intrusion campaign by Russian government cyber-actors who targeted small commercial facilities’ networks, where they staged malware, conducted spear phishing and gained remote access into energy sector networks.

“After obtaining access, the Russian government cyber-actors conducted network reconnaissance, moved laterally and collected information pertaining to industrial control systems.”

The Trump administration has accused Russia of engineering a series of cyberattacks that targeted American and European nuclear power plants and water and electric systems, and could have sabotaged or shut power plants off at will.

#google#

United States officials and private security firms saw the attacks as a signal by Moscow that it could disrupt the West’s critical facilities in the event of a conflict.

They said the strikes accelerated in late 2015, at the same time the Russian interference in the American election was underway. The attackers had compromised some operators in North America and Europe by spring 2017, after President Trump was inaugurated.

In the following months, according to the DHS/FBI report, Russian hackers made their way to machines with access to utility control rooms and critical control systems at power plants that were not identified. The hackers never went so far as to sabotage or shut down the computer systems that guide the operations of the plants.

Still, new computer screenshots released by the Department of Homeland Security have made clear that Russian state hackers had the foothold they would have needed to manipulate or shut down power plants.

“We now have evidence they’re sitting on the machines, connected to industrial control infrastructure, that allow them to effectively turn the power off or effect sabotage,” said Eric Chien, a security technology director at Symantec, a digital security firm.

“From what we can see, they were there. They have the ability to shut the power off. All that’s missing is some political motivation,” Mr. Chien said.

American intelligence agencies were aware of the attacks for the past year and a half, and the Department of Homeland Security and the F.B.I. first issued urgent warnings to utility companies in June, 2017. Both DHS/FBI have now offered new details as the Trump administration imposed sanctions against Russian individuals and organizations it accused of election meddling and “malicious cyberattacks.”

It was the first time the administration officially named Russia as the perpetrator of the assaults. And it marked the third time in recent months that the White House, departing from its usual reluctance to publicly reveal intelligence, blamed foreign government forces for attacks on infrastructure in the United States.

In December, the White House said North Korea had carried out the so-called WannaCry attack that in May paralyzed the British health system and placed ransomware in computers in schools, businesses and homes across the world. Last month, it accused Russia of being behind the NotPetya attack against Ukraine last June, the largest in a series of cyberattacks on Ukraine to date, paralyzing the country’s government agencies and financial systems.

But the penalties have been light. So far, President Trump has said little to nothing about the Russian role in those attacks.

The groups that conducted the energy attacks, which are linked to Russian intelligence agencies, appear to be different from the two hacking groups that were involved in the election interference.

That would suggest that at least three separate Russian cyberoperations were underway simultaneously. One focused on stealing documents from the Democratic National Committee and other political groups. Another, by a St. Petersburg “troll farm” known as the Internet Research Agency, used social media to sow discord and division. A third effort sought to burrow into the infrastructure of American and European nations.

For years, American intelligence officials tracked a number of Russian state-sponsored hacking units as they successfully penetrated the computer networks of critical infrastructure operators across North America and Europe, including in Ukraine.

Some of the units worked inside Russia’s Federal Security Service, the K.G.B. successor known by its Russian acronym, F.S.B.; others were embedded in the Russian military intelligence agency, known as the G.R.U. Still others were made up of Russian contractors working at the behest of Moscow.

Russian cyberattacks surged last year, starting three months after Mr. Trump took office.

American officials and private cybersecurity experts uncovered a series of Russian attacks aimed at the energy, water and aviation sectors and critical manufacturing, including nuclear plants, in the United States and Europe. In its urgent report in June, the Department of Homeland Security and the F.B.I. notified operators about the attacks but stopped short of identifying Russia as the culprit.

By then, Russian spies had compromised the business networks of several American energy, water and nuclear plants, mapping out their corporate structures and computer networks.

They included that of the Wolf Creek Nuclear Operating Corporation, which runs a nuclear plant near Burlington, Kan. But in that case, and those of other nuclear operators, Russian hackers had not leapt from the company’s business networks into the nuclear plant controls.

Forensic analysis suggested that Russian spies were looking for inroads — although it was not clear whether the goal was to conduct espionage or sabotage, or to trigger an explosion of some kind.

In a report made public in October, Symantec noted that a Russian hacking unit “appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so.”

The United States sometimes does the same thing. It bored deeply into Iran’s infrastructure before the 2015 nuclear accord, placing digital “implants” in systems that would enable it to bring down power grids, command-and-control systems and other infrastructure in case a conflict broke out. The operation was code-named “Nitro Zeus,” and its revelation made clear that getting into the critical infrastructure of adversaries is now a standard element of preparing for possible conflict.

Reconstructed screenshot fragments of a Human Machine Interface that the threat actors accessed, according to DHS

Sanctions Announced

The US treasury department has imposed sanctions on 19 Russian people and five groups, including Moscow’s intelligence services, for meddling in the US 2016 presidential election and other malicious cyberattacks.

Russia, for its part, has vowed to retaliate against the new sanctions.

The new sanctions focus on five Russian groups, including the Russian Federal Security Service, the country’s military intelligence apparatus, and the digital propaganda outfit called the Internet Research Agency, as well as 19 people, some of them named in the indictment related to election meddling released by special counsel Robert Mueller last month.

In announcing the sanctions, which will generally ban U.S. people and financial institutions from doing business with those people and groups, the Treasury Department pointed to alleged Russian election meddling, involvement in the infrastructure hacks, and the NotPetya malware, which the Treasury Department called “the most destructive and costly cyberattack in history.”

The new sanctions come amid ongoing criticism of the Trump administration’s reluctance to punish Russia for cyber and election meddling. Sen. Mark Warner (D-Va.) said that, ahead of the 2018 mid-term elections, the administration’s decision was long overdue but not enough. “Nearly all of the entities and individuals who were sanctioned today were either previously under sanction during the Obama Administration, or had already been charged with federal crimes by the Special Counsel,” Warner said.

Warning: The Russians Are Coming

In an updated warning to utility companies, DHS/FBI officials included a screenshot taken by Russian operatives that proved they could now gain access to their victims’ critical controls, prompting a renewed focus on protecting the U.S. power grid among operators.

American officials and security firms, including Symantec and CrowdStrike, believe that Russian attacks on the Ukrainian power grid in 2015 and 2016 that left more than 200,000 citizens there in the dark are an ominous sign of what the Russian cyberstrikes may portend in the United States and Europe in the event of escalating hostilities.

Private security firms have tracked the Russian government assaults on Western power and energy operators — conducted alternately by groups under the names Dragonfly campaigns alongside Energetic Bear and Berserk Bear — since 2011, when they first started targeting defense and aviation companies in the United States and Canada.

By 2013, researchers had tied the Russian hackers to hundreds of attacks on the U.S. power grid and oil and gas pipeline operators in the United States and Europe. Initially, the strikes appeared to be motivated by industrial espionage — a natural conclusion at the time, researchers said, given the importance of Russia’s oil and gas industry.

But by December 2015, the Russian hacks had taken an aggressive turn. The attacks were no longer aimed at intelligence gathering, but at potentially sabotaging or shutting down plant operations.

At Symantec, researchers discovered that Russian hackers had begun taking screenshots of the machinery used in energy and nuclear plants, and stealing detailed descriptions of how they operated — suggesting they were conducting reconnaissance for a future attack.

Eventhough the US government enacted sanctions, cybersecurity experts are still questioning where the Russian attacks could lead, given that the United States was sure to respond in kind.

“Russia certainly has the technical capability to do damage, as it demonstrated in the Ukraine,” said Eric Cornelius, a cybersecurity expert at Cylance, a private security firm, who previously assessed critical infrastructure threats for the Department of Homeland Security during the Obama administration.

“It is unclear what their perceived benefit would be from causing damage on U.S. soil, especially given the retaliation it would provoke,” Mr. Cornelius said.

Though a major step toward deterrence, publicly naming countries accused of cyberattacks still is unlikely to shame them into stopping. The United States is struggling to come up with proportionate responses to the wide variety of cyberespionage, vandalism and outright attacks.

Lt. Gen. Paul Nakasone, who has been nominated as director of the National Security Agency and commander of United States Cyber Command, the military’s cyberunit, said during his recent Senate confirmation hearing, that countries attacking the United States so far have little to worry about.

“I would say right now they do not think much will happen to them,” General Nakasone said. He later added, “They don’t fear us.”

Related News

• Electricity Forum News

• Grid Technologies News

Massachusetts Solar Net Metering faces new demand charges and elimination of residential time-of-use rates under an MDPU order, as Eversource cites grid cost fairness while clean energy advocates warn of impacts on distributed solar growth.

Key Points

Policy letting solar customers net out usage with exports; MDPU now adds demand charges and ends TOU rates.

✅ New residential solar demand charges start Dec 31, 2018.

✅ Optional residential TOU rates eliminated by MDPU order.

✅ Eversource cites grid cost fairness; advocates warn slower solar.

A recent Massachusetts Department of Public Utilities' rate case order changes the way solar net metering works and eliminates optional residential time-of-use rates, stirring controversy between clean energy advocates and utility Eversource and potential consumer backlash over rate design.

"There is a lot of room to talk about what net-energy metering should look like, but a demand charge is an unfair way to charge customers," Mark LeBel, staff attorney at non-profit clean energy advocacy organization Acadia Center, said in a Tuesday phone call. Acadia Center is an intervenor in the rate case and opposed the changes.

The Friday MDPU order implements demand charges for new residential solar projects starting on December 31, 2018. Such charges are based on the highest peak hourly consumption over the course of a month, regardless of what time the power is consumed.

Eversource contends the demand charge will more fairly distribute the costs of maintaining the local power grid, echoing minimum charge proposals aimed at low-usage customers. Net metering is often criticized for not evenly distributing those costs, which are effectively subsidized by non-net-metered customers.

"What the demand charge will do is eliminate, to the extent possible, the unfair cross subsidization by non-net-metered customers that currently exists with rates that only have kilowatt-hour charges and no kilowatt demand, Mike Durand, Eversource spokesman, said in a Tuesday email. 

"For net metered facilities that use little kilowatt-hours, a demand charge is a way to charge them for their fair share of the cost of the significant maintenance and upgrade work we do on the local grid every day," Durand said. "Currently, their neighbors are paying more than their share of those costs."

It will not affect existing facilities, Durand said, only those installed after December 31, 2018.

Solar advocates are not enthusiastic about the change and see it slowing the growth of solar power, particularly residential rooftop solar, in the state.

"This is a terrible outcome for the future of solar in Massachusetts," Nathan Phelps, program manager of distributed generation and regulatory policy at solar power advocacy group Vote Solar, said in a Tuesday phone call.

"It's very inconsistent with DPU precedent and numerous pieces of legislation passed in the last 10 years," Phelps said. "The commonwealth has passed several pieces of legislation that are supportive of renewable energy and solar power. I don't know what the DPU was thinking."

 

TIME-OF-USE PRICING ELIMINATED

It does not matter when during the month peak demand occurs -- which could be during the week in the evening -- customers will be charged the same as they would on a hot summer day, LeBel said. Because an individual customer's peak usage does not necessarily correspond to peak demand across the utility's system, consumers are not being provided incentives to reduce energy usage in a way that could benefit the power system, Acadia Center said in a Tuesday statement.

However, Eversource maintains that residential customer distribution peaks based on customer load profiles do not align with basic service peak periods, which are based on Independent System Operator New England's peaks that reflect market-based pricing, even as a Connecticut market overhaul advances in the region, according to the MDPU order.

"The residential Time of Use rates we're eliminating are obsolete, having been designed decades ago when we were responsible for both the generation and the delivery of electricity," Eversource's Durand said.

"We are no longer in the generation business, having divested of our generation assets in Massachusetts in compliance with the law that restructured of our industry back in the late 1990s. Time Varying pricing is best used with generation rates, where the price for electricity changes based on time of day and electricity demand and can significantly alter electric bills for households," he said.

Additionally, only 0.02% of residential customers take service on Eversource's TOU rates and it would be difficult for residential customers to avoid peak period rates because they do not have the ability to shift or reduce load, according to the order.

"The Department allowed the Companies' proposal to eliminate their optional residential TOU rates in order to consolidate and align their residential rates and tariffs to better achieve the rate structure goal of simplicity," the MDPU said in the order.

Related News

• Electricity Forum News

• Energy Policy News

ComEd Hosting Capacity Map helps Illinois communities assess photovoltaic capacity, distributed energy resources, interconnection limits, and grid planning needs, guiding developers and policymakers on siting solar, net metering feasibility, and RPS-aligned deployment by circuit.

Key Points

An online tool showing circuit-level DER capacity, PV limits, and interconnection readiness across ComEd.

✅ Circuit-level estimates of solar hosting capacity

✅ Guides siting, interconnection, and net metering

✅ Supports RPS goals with grid planning insights

As the Illinois solar market grows from the Future Energy Jobs Act, the largest utility in the state has posted a planning tool to identify potential PV capacity in their service territory. ComEd, a Northern Illinois subsidiary of Exelon, has a hosting capacity website for its communities indicating how much photovoltaic capacity can be sited in given areas, based on the existing electrical infrastructure, as utilities pilot virtual power plant programs that leverage distributed resources.

According to ComEd’s description, “Hosting Capacity is an estimate of the amount of DER [distributed energy resources] that may be accommodated under current configurations at the overall circuit level without significant system upgrades to address adverse impacts to power quality or reliability.” This website will enable developers and local decision makers to estimate how much solar could be installed by township, sections and fractions of sections as small as ½ mile by ½ mile and to gauge EV charging impacts with NREL's projection tool for distribution planning. The map sections indicate potential capacity by AC kilowatts with a link to to ComEd’s recently upgraded Interconnection and Net Metering homepage.

The Hosting Map can provide insight into how much solar can be installed in which locations in order to help solar reach a significant portion of the Illinois Renewable Portfolio Standard (RPS) of 25% electricity from renewable sources by 2025, and to plan for transportation electrification as EV charging infrastructure scales across utility territories. For example, the 18 sections of Oak Park Township capacity range from 612 to 909 kW, and total 13,260 kW of photovoltaic power. That could potentially generate around 20 million kWh, and policy actions such as the CPUC-approved PG&E EV program illustrate how electrification initiatives may influence future demand. Oak Park, according to the PlanItGreen Report Card, a joint project of the Oak Park River Forest Community Foundation and Seven Generations Ahead, uses about 325 million kWh.

Based on ComEd’s Hosting Capacity, Oak Park could generate about 6% of its electricity from solar power located within its borders. Going significantly beyond this amount would likely require a combination of upgrades by ComEd’s infrastructure, potentially higher interconnection costs and deployment of technologies like energy storage solutions. What this does indicate is that a densely populated community like Oak Park would most likely have to get the majority of its solar and renewable electricity from outside its boundaries to reach the statewide RPS goal of 25%. The Hosting Capacity Map shows a considerable disparity among communities in ½ mile by ½ mile sections with some able to host only 100-200 kWs to some with capacities of over 3,000 kW.

Related News

• Electricity Forum News

• Renewable Energy News

ICT Electricity Demand is surging as data centers, 5G, IoT, and server farms expand, straining grids, boosting carbon emissions, and challenging climate targets unless efficiency, renewable energy, and smarter cooling dramatically improve.

Key Points

ICT electricity demand is power used by networks, devices, and data centers across the global communications sector.

✅ Projected to reach up to 20 percent of global electricity by 2025

✅ Driven by data centers, 5G traffic, IoT, and high-res streaming

✅ Mitigation: efficiency, renewable PPAs, advanced cooling, workload shifts

The communications industry could use 20% of all the world’s electricity by 2025, hampering attempts to meet climate change targets, even as countries like New Zealand's electrification plans seek broader decarbonization, and straining grids as demand by power-hungry server farms storing digital data from billions of smartphones, tablets and internet-connected devices grows exponentially.

The industry has long argued that it can considerably reduce carbon emissions by increasing efficiency and reducing waste, but academics are challenging industry assumptions. A new paper, due to be published by US researchers later this month, will forecast that information and communications technology could create up to 3.5% of global emissions by 2020 – surpassing aviation and shipping – and up to 14% 2040, around the same proportion as the US today.

Global computing power demand from internet-connected devices, high resolution video streaming, emails, surveillance cameras and a new generation of smart TVs is increasing 20% a year, consuming roughly 3-5% of the world’s electricity in 2015, says Swedish researcher Anders Andrae.

In an update o a 2016 peer-reviewed study, Andrae found that without dramatic increases in efficiency, the ICT industry could use 20% of all electricity and emit up to 5.5% of the world’s carbon emissions by 2025. This would be more than any country, except China, India and the USA, where China's data center electricity use is drawing scrutiny.

He expects industry power demand to increase from 200-300 terawatt hours (TWh) of electricity a year now, to 1,200 or even 3,000TWh by 2025. Data centres on their own could produce 1.9 gigatonnes (Gt) (or 3.2% of the global total) of carbon emissions, he says.

“The situation is alarming,” said Andrae, who works for the Chinese communications technology firm Huawei. “We have a tsunami of data approaching. Everything which can be is being digitalised. It is a perfect storm. 5G [the fifth generation of mobile technology] is coming, IP [internet protocol] traffic is much higher than estimated, and all cars and machines, robots and artificial intelligence are being digitalised, producing huge amounts of data which is stored in data centres.”

US researchers expect power consumption to triple in the next five years as one billion more people come online in developing countries, and the “internet of things” (IoT), driverless cars, robots, video surveillance and artificial intelligence grows exponentially in rich countries.

The industry has encouraged the idea that the digital transformation of economies and large-scale energy efficiencies will slash global emissions by 20% or more, but the scale and speed of the revolution has been a surprise.

Global internet traffic will increase nearly threefold in the next five years says the latest Cisco Visual Networking Index, a leading industry tracker of internet use.

“More than one billion new internet users are expected, growing from three billion in 2015 to 4.1bn by 2020. Over the next five years global IP networks will support up to 10bn new devices and connections, increasing from 16.3bn in 2015 to 26bn by 2020,” says Cisco.

A 2016 Berkeley laboratory report for the US government estimated the country’s data centres, which held about 350m terabytes of data in 2015, could together need over 100TWh of electricity a year by 2020. This is the equivalent of about 10 large nuclear power stations.

Data centre capacity is also rocketing in Europe, where the EU's plan to double electricity use by 2050 could compound demand, and Asia with London, Frankfurt, Paris and Amsterdam expected to add nearly 200MW of consumption in 2017, or the power equivalent of a medium size power station.

“We are seeing massive growth of data centres in all regions. Trends that started in the US are now standard in Europe. Asia is taking off massively,” says Mitual Patel, head of EMEA data centre research at global investment firm CBRE.

“The volume of data being handled by such centres is growing at unprecedented rates. They are seen as a key element in the next stage of growth for the ICT industry”, says Peter Corcoran, a researcher at the university of Ireland, Galway.

Using renewable energy sounds good but no one else benefits from what will be generated, and it skews national attempts to reduce emissions

Ireland, which with Denmark is becoming a data base for the world’s biggest tech companies, has 350MW connected to data centres but this is expected to triple to over 1,000MW, or the equivalent of a nuclear power station size plant, in the next five years.

Permission has been given for a further 550MW to be connected and 750MW more is in the pipeline, says Eirgrid, the country’s main grid operator.

“If all enquiries connect, the data centre load could account for 20% of Ireland’s peak demand,” says Eirgrid in its All-Island Generation Capacity Statement 2017-2026  report.

The data will be stored in vast new one million square feet or larger “hyper-scale” server farms, which companies are now building. The scale of these farms is huge; a single $1bn Apple data centre planned for Athenry in Co Galway, expects to eventually use 300MW of electricity, or over 8% of the national capacity and more than the daily entire usage of Dublin. It will require 144 large diesel generators as back up for when the wind does not blow.

 Facebook’s Lulea data centre in Sweden, located on the edge of the Arctic circle, uses outside air for cooling rather than air conditioning and runs on hydroelectic power generated on the nearby Lule River. Photograph: David Levene for the Guardian

Pressed by Greenpeace and other environment groups, large tech companies with a public face , including Google, Facebook, Apple, Intel and Amazon, have promised to use renewable energy to power data centres. In most cases they are buying it off grid but some are planning to build solar and wind farms close to their centres.

Greenpeace IT analyst Gary Cook says only about 20% of the electricity used in the world’s data centres is so far renewable, with 80% of the power still coming from fossil fuels.

“The good news is that some companies have certainly embraced their responsibility, and are moving quite aggressively to meet their rapid growth with renewable energy. Others are just growing aggressively,” he says.

Architect David Hughes, who has challenged Apple’s new centre in Ireland, says the government should not be taken in by the promises.

“Using renewable energy sounds good but no one else benefits from what will be generated, and it skews national attempts to reduce emissions. Data centres … have eaten into any progress we made to achieving Ireland’s 40% carbon emissions reduction target. They are just adding to demand and reducing our percentage. They are getting a free ride at the Irish citizens’ expense,” says Hughes.

Eirgrid estimates indicate that by 2025, one in every 3kWh generated in Ireland could be going to a data centre, he added. “We have sleepwalked our way into a 10% increase in electricity consumption.”

Fossil fuel plants may have to be kept open longer to power other parts of the country, and manage issues like SF6 use in electrical equipment, and the costs will fall on the consumer, he says. “We will have to upgrade our grid and build more power generation both wind and backup generation for when the wind isn’t there and this all goes onto people’s bills.”

Under a best case scenario, says Andrae, there will be massive continuous improvements of power saving, as the global energy transition gathers pace, renewable energy will become the norm and the explosive growth in demand for data will slow.

But equally, he says, demand could continue to rise dramatically if the industry keeps growing at 20% a year, driverless cars each with dozens of embedded sensors, and cypto-currencies like Bitcoin which need vast amounts of computer power become mainstream.

“There is a real risk that it all gets out of control. Policy makers need to keep a close eye on this,” says Andrae.

Related News

• Electricity Forum News

• Climate Change News

Crouching Yeti APT targets energy infrastructure with watering-hole attacks, compromising servers to steal credentials and stage intrusions; Kaspersky Lab links the Energetic Bear group to ICS threats across Russia, US, Europe, and Turkey.

Key Points

Crouching Yeti APT, aka Energetic Bear, is a threat group that targets energy firms using watering-hole attacks.

✅ Targets energy infrastructure via watering-hole compromises

✅ Uses open-source tools and backdoored sshd for persistence

✅ Scans global servers to stage intrusions and steal credentials

A hacker collective known for attacking industrial companies around the world have had some of their infrastructure identified by Russian security specialists.

Kaspersky Lab said that it has discovered a number of servers compromised by the group, belonging to different organisations based in Russia, the US, and Turkey, as well as European countries.

The Russian-speaking hackers, known as Crouching Yeti or Energetic Bear, mostly focus on energy facilities, as seen in reports of infiltration of the U.S. power grid targeting critical infrastructure, for the main purpose of stealing valuable data from victim systems.

Hacked servers

Crouching Yeti is described as an advanced persistent threat (APT) group that Kaspersky Lab has been tracking since 2010.

#google#

Kaspersky Lab said that the servers it has compromised are not just limited to industrial companies. The servers were hit in 2016 and 2017 with different intentions. Some were compromised to gain access to other resources or to be used as intermediaries to conduct attacks on other resources.

Others, including those hosting Russian websites, were used as watering holes.

It is a common tactic for Crouching Yeti to utilise watering hole attacks where the attackers inject websites with a link redirecting visitors to a malicious server.

“In the process of analysing infected servers, researchers identified numerous websites and servers used by organisations in Russia, US, Europe, Asia and Latin America that the attackers had scanned with various tools, possibly to find a server that could be used to establish a foothold for hosting the attackers’ tools and to subsequently develop an attack,” said the security specialists in a blog posting.

“The range of websites and servers that captured the attention of the intruders is extensive,” the firm said. “Kaspersky Lab researchers found that the attackers had scanned numerous websites of different types, including online stores and services, public organisations, NGOs, manufacturing, etc.

Kaspersky Lab said that the hackers used publicly available malicious tools, designed for analysing servers, and for seeking out and collecting information. The researchers also found a modified sshd file with a preinstalled backdoor. This was used to replace the original file and could be authorised with a ‘master password’.

“Crouching Yeti is a notorious Russian-speaking group that has been active for many years and is still successfully targeting industrial organisations through watering hole attacks, among other techniques,” explained Vladimir Dashchenko, head of vulnerability research group at Kaspersky Lab ICS CERT.

Russian government?

“Our findings show that the group compromised servers not only for establishing watering holes, but also for further scanning, and they actively used open-sourced tools that made it much harder to identify them afterwards,” he said.

“The group’s activities, such as initial data collection, the theft of authentication data, and the scanning of resources, are used to launch further attacks,” said Dashchenko. “The diversity of infected servers and scanned resources suggests the group may operate in the interests of the third parties.”

This may well tie into a similar conclusion from a rival security vendor.

In 2014 CrowdStrike claimed that the ‘Energetic Bear’ group was also tracked in Symantec's Dragonfly research and had been hacking foreign companies on behalf of the Russian state.

The security vendor had said the group had been carrying out attacks on foreign companies since 2012, with reports of breaches at U.S. power plants that underscored the campaign, and there was evidence that these operations were sanctioned by the Russian government.

Last month the United States for the first time publicly accused Russia in a condemnation of Russian grid hacking of attacks against the American power grid.

Symantec meanwhile warned last year of a resurgence in cyber attacks on European and US energy companies, including reports of access to U.S. utility control rooms that could result in widespread power outages.

And last July the UK’s National Cyber Security Centre (NCSC) acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.

Related News

• Electricity Forum News

• Grid Technologies News

Netherlands renewable energy progress highlights rising wind energy and solar power output, delivering 17 billion kWh of green electricity from sustainable sources, yet trailing EU targets, with wind providing 60% and solar 34%.

Key Points

It is the country's growth in green electricity, led by wind and solar, yet short of EU targets at 13.8% of generation.

✅ 17 billion kWh green output; 13.8% of total generation

✅ Wind energy up 16% to 9.6 billion kWh; 60% of green power

✅ Solar power up about 13%; 34% of renewable production

The Netherlands is generating more electricity from sustainable sources as US renewable record 28% in April underscores broader momentum but is still far from reaching its targets, the national statistics office CBS said on Friday.

In total, the Netherlands produced 17 billion kilowatts of green energy last year, a rise of 10% on 2016. Sustainable sources now account for 13.8 per cent of energy generation, even as solar reshapes prices in Northern Europe across the region.

The biggest growth was in wind energy – up 16 per cent to 9.6 billion kWh – or the equivalent of energy for three million households. Wind energy now accounts for 60 per cent of green Dutch power. The amount of solar power, which accounts for 34% of green energy production, rose almost 13 per cent, and Dutch solar outpaces Canada according to recent reports.

In January, European statistics agency Eurostat said the Netherlands is near the bottom of a new table on renewable energy use in Europe. The EU has a target of a fifth of all energy use from green sources by 2020 and – while some countries have reached their own targets, including Germany's 50% clean power milestones – the Dutch, French and Irish need to increase their rates by at least 6%, Eurostat said, and Ireland has set green electricity goals for the next four years to close the gap.

Related News

• Electricity Forum News

• Renewable Energy News